- Linux-stable-mirror - lists.linaro.org

[alternative-merged] arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arm64: kexec: initialize kexec_buf struct in image_load() has been removed from the -mm tree. Its filename was arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: arm64: kexec: initialize kexec_buf struct in image_load() Date: Tue, 26 Aug 2025 05:08:51 -0700 The kexec_buf structure was previously declared without initialization in image_load(). This led to a UBSAN warning when the structure was expanded and uninitialized fields were accessed [1]. Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Fixes this UBSAN warning: [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10 [ 32.362649] load of value 252 is not a valid value for type '_Bool' Andrew Morton suggested that this function is only called 3x a week[2], thus, the memset() cost is inexpensive. Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnz… [1] Link: https://lore.kernel.org/all/20250825180531.94bfb86a26a43127c0a1296f@linux-f… [2] Link: https://lkml.kernel.org/r/20250826-akpm-v1-1-3c831f0e3799@debian.org Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: "Daniel P. Berrange" <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Kairui Song <ryncsn(a)gmail.com> Cc: Liu Pingfan <kernelfans(a)gmail.com> Cc: Milan Broz <gmazyland(a)gmail.com> Cc: Ondrej Kozina <okozina(a)redhat.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/kexec_image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/kexec_image.c~arm64-kexec-initialize-kexec_buf-struct-in-image_load +++ a/arch/arm64/kernel/kexec_image.c @@ -41,7 +41,7 @@ static void *image_load(struct kimage *i struct arm64_image_header *h; u64 flags, value; bool be_image, be_kernel; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; unsigned long text_offset, kernel_segment_number; struct kexec_segment *kernel_segment; int ret; _ Patches currently in -mm which might be from leitao(a)debian.org are arm64-kexec-initialize-kexec_buf-struct-in-load_other_segments.patch riscv-kexec-initialize-kexec_buf-struct.patch s390-kexec-initialize-kexec_buf-struct.patch

1 week, 4 days

1
0
0 0

[PATCH v7 03/12] i2c: rtl9300: remove broken SMBus Quick operation support

by Jonas Jelonek

Remove the SMBus Quick operation from this driver because it is not natively supported by the hardware and is wrongly implemented in the driver. The I2C controllers in Realtek RTL9300 and RTL9310 are SMBus-compliant but there doesn't seem to be native support for the SMBus Quick operation. It is not explicitly mentioned in the documentation but looking at the registers which configure an SMBus transaction, one can see that the data length cannot be set to 0. This suggests that the hardware doesn't allow any SMBus message without data bytes (except for those it does on it's own, see SMBus Block Read). The current implementation of SMBus Quick operation passes a length of 0 (which is actually invalid). Before the fix of a bug in a previous commit, this led to a read operation of 16 bytes from any register (the one of a former transaction or any other value. This caused issues like soft-bricked SFP modules after a simple probe with i2cdetect which uses Quick by default. Running this with SFP modules whose EEPROM isn't write-protected, some of the initial bytes are overwritten because a 16-byte write operation is executed instead of a Quick Write. (This temporarily soft-bricked one of my DAC cables.) Because SMBus Quick operation is obviously not supported on these controllers (because a length of 0 cannot be set, even when no register address is set), remove that instead of claiming there is support. There also shouldn't be any kind of emulated 'Quick' which just does another kind of operation in the background. Otherwise, specific issues occur in case of a 'Quick' Write which actually writes unknown data to an unknown register. Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index ebd4a85e1bde..9e6232075137 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -235,15 +235,6 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s } switch (size) { - case I2C_SMBUS_QUICK: - ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0); - if (ret) - goto out_unlock; - ret = rtl9300_i2c_reg_addr_set(i2c, 0, 0); - if (ret) - goto out_unlock; - break; - case I2C_SMBUS_BYTE: if (read_write == I2C_SMBUS_WRITE) { ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0); @@ -344,9 +335,9 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s static u32 rtl9300_i2c_func(struct i2c_adapter *a) { - return I2C_FUNC_SMBUS_QUICK | I2C_FUNC_SMBUS_BYTE | - I2C_FUNC_SMBUS_BYTE_DATA | I2C_FUNC_SMBUS_WORD_DATA | - I2C_FUNC_SMBUS_BLOCK_DATA | I2C_FUNC_SMBUS_I2C_BLOCK; + return I2C_FUNC_SMBUS_BYTE | I2C_FUNC_SMBUS_BYTE_DATA | + I2C_FUNC_SMBUS_WORD_DATA | I2C_FUNC_SMBUS_BLOCK_DATA | + I2C_FUNC_SMBUS_I2C_BLOCK; } static const struct i2c_algorithm rtl9300_i2c_algo = { -- 2.48.1

1 week, 4 days

2
1
0 0

[PATCH v2] drm/xe: Extend Wa_13011645652 to PTL-H, WCL

by Julia Filipchuk

Expand workaround to additional graphics architectures. Fixes: dddc53806dd2 ("drm/xe/ptl: Apply Wa_13011645652") Cc: Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> Cc: Stuart Summers <stuart.summers(a)intel.com> Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Julia Filipchuk <julia.filipchuk(a)intel.com> --- drivers/gpu/drm/xe/xe_wa_oob.rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_wa_oob.rules b/drivers/gpu/drm/xe/xe_wa_oob.rules index e990f20eccfe..710f4423726c 100644 --- a/drivers/gpu/drm/xe/xe_wa_oob.rules +++ b/drivers/gpu/drm/xe/xe_wa_oob.rules @@ -30,7 +30,8 @@ 16022287689 GRAPHICS_VERSION(2001) GRAPHICS_VERSION(2004) 13011645652 GRAPHICS_VERSION(2004) - GRAPHICS_VERSION(3001) + GRAPHICS_VERSION_RANGE(3000, 3001) + GRAPHICS_VERSION(3003) 14022293748 GRAPHICS_VERSION_RANGE(2001, 2002) GRAPHICS_VERSION(2004) GRAPHICS_VERSION_RANGE(3000, 3001) -- 2.50.1

1 week, 4 days

4
4
0 0

[PATCH 5.4 only] powerpc: boot: Remove unnecessary zero in label in udelay()

by Nathan Chancellor

When building powerpc configurations in linux-5.4.y with binutils 2.43 or newer, there is an assembler error in arch/powerpc/boot/util.S: arch/powerpc/boot/util.S: Assembler messages: arch/powerpc/boot/util.S:44: Error: junk at end of line, first unrecognized character is `0' arch/powerpc/boot/util.S:49: Error: syntax error; found `b', expected `,' arch/powerpc/boot/util.S:49: Error: junk at end of line: `b' binutils 2.43 contains stricter parsing of certain labels [1]. Remove the unnecessary leading zero to fix the build. This is only needed in linux-5.4.y because commit 8b14e1dff067 ("powerpc: Remove support for PowerPC 601") removed this code altogether in 5.10. Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c6… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/powerpc/boot/util.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/boot/util.S b/arch/powerpc/boot/util.S index f11f0589a669..5ab2bc864e66 100644 --- a/arch/powerpc/boot/util.S +++ b/arch/powerpc/boot/util.S @@ -41,12 +41,12 @@ udelay: srwi r4,r4,16 cmpwi 0,r4,1 /* 601 ? */ bne .Ludelay_not_601 -00: li r0,86 /* Instructions / microsecond? */ +0: li r0,86 /* Instructions / microsecond? */ mtctr r0 10: addi r0,r0,0 /* NOP */ bdnz 10b subic. r3,r3,1 - bne 00b + bne 0b blr .Ludelay_not_601: base-commit: c25f780e491e4734eb27d65aa58e0909fd78ad9f -- 2.51.0

1 week, 4 days

3
4
0 0

[PATCH] media: s5p-mfc: Always pass NULL to s5p_mfc_cmd_host2risc_v6()

by Nathan Chancellor

A new warning in clang [1] points out a few places in s5p_mfc_cmd_v6.c where an uninitialized variable is passed as a const pointer: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:45:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 45 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:133:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 133 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:148:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 148 | &h2r_args); | ^~~~~~~~ The args parameter in s5p_mfc_cmd_host2risc_v6() is never actually used, so just pass NULL to it in the places where h2r_args is currently passed, clearing up the warning and not changing the functionality of the code. Cc: stable(a)vger.kernel.org Fixes: f96f3cfa0bb8 ("[media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2103 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- From what I can tell, it seems like ->cmd_host2risc() is only ever called from v6 code, which always passes NULL? It seems like it should be possible to just drop .cmd_host2risc on the v5 side, then update .cmd_host2risc to only take two parameters? If so, I can send a follow up as a clean up, so that this can go back relatively conflict free. --- .../platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c index 47bc3014b5d8..735471c50dbb 100644 --- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c +++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c @@ -31,7 +31,6 @@ static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; const struct s5p_mfc_buf_size_v6 *buf_size = dev->variant->buf_size->priv; int ret; @@ -41,33 +40,23 @@ static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) mfc_write(dev, dev->ctx_buf.dma, S5P_FIMV_CONTEXT_MEM_ADDR_V6); mfc_write(dev, buf_size->dev_ctx, S5P_FIMV_CONTEXT_MEM_SIZE_V6); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, NULL); } static int s5p_mfc_sleep_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, NULL); } static int s5p_mfc_wakeup_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, NULL); } /* Open a new instance and get its number */ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int codec_type; mfc_debug(2, "Requested codec mode: %d\n", ctx->codec_mode); @@ -130,14 +119,13 @@ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, 0, S5P_FIMV_D_CRC_CTRL_V6); /* no crc */ return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6, - &h2r_args); + NULL); } /* Close instance */ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int ret = 0; dev->curr_ctx = ctx->num; @@ -145,7 +133,7 @@ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, ctx->inst_no, S5P_FIMV_INSTANCE_ID_V6); ret = s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6, - &h2r_args); + NULL); } else { ret = -EINVAL; } --- base-commit: 347e9f5043c89695b01e66b3ed111755afcf1911 change-id: 20250715-media-s5p-mfc-fix-uninit-const-pointer-cbf944ae4b4b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 week, 4 days

3
5
0 0

[PATCH 5.4 00/23] 5.4.298-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.298 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.298-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.298-rc1 Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Christoph Hellwig <hch(a)lst.de> net/atm: remove the atmdev_ops {get, set}sockopt methods Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency ------------- Diffstat: Makefile | 4 +-- arch/powerpc/kernel/kvm.c | 8 ++--- arch/x86/kvm/lapic.c | 3 ++ arch/x86/kvm/x86.c | 7 ++-- drivers/atm/atmtcp.c | 17 +++++++-- drivers/atm/eni.c | 17 --------- drivers/atm/firestream.c | 2 -- drivers/atm/fore200e.c | 27 --------------- drivers/atm/horizon.c | 40 ---------------------- drivers/atm/iphase.c | 16 --------- drivers/atm/lanai.c | 2 -- drivers/atm/solos-pci.c | 2 -- drivers/atm/zatm.c | 16 --------- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/hid/hid-asus.c | 8 ++++- drivers/hid/hid-ntrig.c | 3 ++ drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 +++++++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +++++++++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 4 --- drivers/net/usb/qmi_wwan.c | 3 ++ drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +-- drivers/vhost/net.c | 9 +++-- fs/efivarfs/super.c | 4 +++ include/linux/atmdev.h | 10 +----- kernel/trace/trace.c | 4 +-- net/atm/common.c | 29 ++++++++-------- net/bluetooth/hci_event.c | 12 ++++++- net/ipv4/route.c | 10 ++++-- net/sctp/ipv6.c | 2 ++ 34 files changed, 129 insertions(+), 178 deletions(-)

1 week, 4 days

7
30
0 0

[PATCH] As the doc of of_parse_phandle() states: "The device_node pointer with refcount incremented. Use * of_node_put() on it when done."

by Miaoqian Lin

The function doesn't calls of_node_put() to release this reference, causing a reference leak. Move the of_parse_phandle() call after devm_kzalloc() and add the missing of_node_put() call immediately after of_address_to_resource() to properly release the device node reference. Found via static analysis. Fixes: 9a10c7e6519b ("drm/simpledrm: Add support for system memory framebuffers") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/sysfb/simpledrm.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/sysfb/simpledrm.c b/drivers/gpu/drm/sysfb/simpledrm.c index 8530a3ef8a7a..f0bd7e958398 100644 --- a/drivers/gpu/drm/sysfb/simpledrm.c +++ b/drivers/gpu/drm/sysfb/simpledrm.c @@ -183,15 +183,16 @@ simplefb_get_memory_of(struct drm_device *dev, struct device_node *of_node) struct resource *res; int err; - np = of_parse_phandle(of_node, "memory-region", 0); - if (!np) - return NULL; - res = devm_kzalloc(dev->dev, sizeof(*res), GFP_KERNEL); if (!res) return ERR_PTR(-ENOMEM); + np = of_parse_phandle(of_node, "memory-region", 0); + if (!np) + return NULL; + err = of_address_to_resource(np, 0, res); + of_node_put(np); if (err) return ERR_PTR(err); -- 2.35.1

1 week, 4 days

2
1
0 0

[PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled

by Miaoqian Lin

The function calls of_parse_phandle() which returns a device node with an incremented reference count. When the bonded device is not available, the function returns NULL without releasing the reference, causing a reference leak. Add of_node_put(np) to release the device node reference. The of_node_put function handles NULL pointers. Found through static analysis by reviewing the doc of of_parse_phandle() and cross-checking its usage patterns across the codebase. Fixes: 7625ee981af1 ("[media] media: platform: rcar_drif: Add DRIF support") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/media/platform/renesas/rcar_drif.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/renesas/rcar_drif.c b/drivers/media/platform/renesas/rcar_drif.c index fc8b6bbef793..c5d676eb1091 100644 --- a/drivers/media/platform/renesas/rcar_drif.c +++ b/drivers/media/platform/renesas/rcar_drif.c @@ -1246,6 +1246,7 @@ static struct device_node *rcar_drif_bond_enabled(struct platform_device *p) if (np && of_device_is_available(np)) return np; + of_node_put(np); return NULL; } -- 2.35.1

1 week, 4 days

4
3
0 0

[stable-6.16|lts-6.12] net: ipv4: fix regression in local-broadcast routes

by Sedat Dilek

Hi Sasha and Greg, Salvatore Bonaccorso <carnil(a)debian.org> from Debian Kernel Team included this regression-fix already. Upstream commit 5189446ba995556eaa3755a6e875bc06675b88bd "net: ipv4: fix regression in local-broadcast routes" As far as I have seen this should be included in stable-6.16 and LTS-6.12 (for other stable branches I simply have no interest - please double-check). I am sure Sasha's new kernel-patch-AI tool has catched this - just kindly inform you. Thanks. Best regards, -Sedat- https://salsa.debian.org/kernel-team/linux/-/commit/194de383c5cd5e8c22cadfc… https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…

1 week, 4 days

4
4
0 0

[PATCHSET RFC v4 1/4] fuse: general bug fixes

by Darrick J. Wong

Hi all, Here's a collection of fixes that I *think* are bugs in fuse, along with some scattered improvements. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fu… --- Commits in this patchset: * fuse: fix livelock in synchronous file put from fuseblk workers * fuse: flush pending fuse events before aborting the connection * fuse: capture the unique id of fuse commands being sent * fuse: implement file attributes mask for statx * fuse: update file mode when updating acls * fuse: propagate default and file acls on creation * fuse: enable FUSE_SYNCFS for all servers --- fs/fuse/fuse_i.h | 14 +++++++ fs/fuse/acl.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ fs/fuse/dev.c | 44 +++++++++++++++++++++++ fs/fuse/dev_uring.c | 8 ++++ fs/fuse/dir.c | 96 +++++++++++++++++++++++++++++++++++++++------------ fs/fuse/file.c | 10 +++++ fs/fuse/inode.c | 5 +++ 7 files changed, 245 insertions(+), 27 deletions(-)

1 week, 4 days

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror